apiVersion: v1
data:
  kubesphere.yaml: |
    authentication:
      authenticateRateLimiterMaxTries: {{ authentication.authenticateRateLimiterMaxTries | default(10) }}
      authenticateRateLimiterDuration: {{ authentication.authenticationRateLimiterDuration | default("10m0s") }}
      loginHistoryRetentionPeriod: {{ authentication.loginHistoryRetentionPeriod | default("168h") }}
      maximumClockSkew: {{ authentication.maximumClockSkew | default("10s") }}
      multipleLogin: {{ console.enableMultiLogin | default(true) }}
      kubectlImage: {{ ks_kubectl_repo }}:{{ ks_kubectl_tag }}
      jwtSecret: "{{ ks_secret_str.stdout }}"
{% if multicluster.clusterRole is defined and multicluster.clusterRole == "member" %}
      oauthOptions:
        accessTokenMaxAge: 0
{% endif %}
    ldap:
      host: openldap.kubesphere-system.svc:389
      managerDN: cn=admin,dc=kubesphere,dc=io
      managerPassword: admin
      userSearchBase: ou=Users,dc=kubesphere,dc=io
      groupSearchBase: ou=Groups,dc=kubesphere,dc=io
    redis:
      host: redis.kubesphere-system.svc
      port: 6379
      password: {{ common.redisPasswd | default('""') }}
      db: 0
{% if devops.enabled or openpitrix.enabled %}
    s3:
      endpoint: http://minio.kubesphere-system.svc:9000
      region: us-east-1
      disableSSL: true
      forcePathStyle: true
      accessKeyID: openpitrixminioaccesskey
      secretAccessKey: openpitrixminiosecretkey
      bucket: s2i-binaries
{% endif %}
{% if devops.enabled or openpitrix.enabled or notification.enabled or alerting.enabled %}
    mysql:
      host: mysql.kubesphere-system.svc:3306
      username: {{ common.mysqlUsername | default("root") }}
      password: {{ common.mysqlPassword | default("password") }}
      maxIdleConnections: 100
      maxOpenConnections: 100
      maxConnectionLifeTime: 10s
{% endif %}
{% if networkpolicy is defined and networkpolicy.enabled is defined and networkpolicy.enabled %}
    network:
      enableNetworkPolicy: true
{% endif %}
{% if devops.enabled is defined and devops.enabled == true %}
    devops:
      host: http://ks-jenkins.kubesphere-devops-system.svc/
      username: admin
      password: {{ ks_token_str.stdout }}
      maxConnections: 100
{% if sonarQubeHost is defined and sonarQubeToken is defined %}
    sonarQube:
      host: {{ sonarQubeHost }}
      token: {{ sonarQubeToken }}
{% endif %}
{% endif %}
{% if servicemesh.enabled is defined and servicemesh.enabled == true %}
    servicemesh:
      istioPilotHost: http://istio-pilot.istio-system.svc:8080/version
      jaegerQueryHost: http://jaeger-query.istio-system.svc:16686
      servicemeshPrometheusHost: http://prometheus-k8s.kubesphere-monitoring-system.svc:9090
{% endif %}
{% if openpitrix.enabled is defined and openpitrix.enabled == true %}
    openpitrix:
      runtimeManagerEndpoint:    "hyperpitrix.openpitrix-system.svc:9103"
      clusterManagerEndpoint:    "hyperpitrix.openpitrix-system.svc:9104"
      repoManagerEndpoint:       "hyperpitrix.openpitrix-system.svc:9101"
      appManagerEndpoint:        "hyperpitrix.openpitrix-system.svc:9102"
      categoryManagerEndpoint:   "hyperpitrix.openpitrix-system.svc:9113"
      attachmentManagerEndpoint: "hyperpitrix.openpitrix-system.svc:9122"
      repoIndexerEndpoint:       "hyperpitrix.openpitrix-system.svc:9108"
{% endif %}
{% if multicluster.clusterRole is defined and multicluster.clusterRole == "host" %}
    multicluster:
      enable: true
      agentImage: {{ tower_repo }}/{{ tower_image }}:{{ tower_image_tag }}
      proxyPublishService: tower.kubesphere-system.svc
{% if multicluster.proxyPublishAddress is defined and multicluster.proxyPublishAddress != "" %}
      proxyPublishAddress: {{ multicluster.proxyPublishAddress }}
{% endif %}
{% endif %}
    monitoring:
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
{% if logging.enabled is defined and logging.enabled == true %}
    logging:
{% if esHost is defined %}
      host: {{ esHost }}
{% elif common.es.externalElasticsearchUrl is defined and common.es.externalElasticsearchPort is defined %}
      host: http://{{ common.es.externalElasticsearchUrl }}:{{ common.es.externalElasticsearchPort }}
{% else %}
      host: http://elasticsearch-logging-data.kubesphere-logging-system.svc:9200
{% endif %}
{% if esIndexPrefix is defined %}
      indexPrefix: {{ esIndexPrefix }}
{% else %}
      indexPrefix: ks-{{ common.es.elkPrefix }}-log
{% endif %}
{% endif %}
{% if events.enabled is defined and events.enabled == true %}
    events:
{% if common.es.externalElasticsearchUrl is defined and common.es.externalElasticsearchPort is defined %}
      host: http://{{ common.es.externalElasticsearchUrl }}:{{ common.es.externalElasticsearchPort }}
{% else %}
      host: http://elasticsearch-logging-data.kubesphere-logging-system.svc:9200
{% endif %}
      indexPrefix: ks-{{ common.es.elkPrefix }}-events
{% endif %}
{% if auditing.enabled is defined and auditing.enabled == true %}
    auditing:
      enable: true
{% if common.es.externalElasticsearchUrl is defined and common.es.externalElasticsearchPort is defined %}
      host: http://{{ common.es.externalElasticsearchUrl }}:{{ common.es.externalElasticsearchPort }}
{% else %}
      host: http://elasticsearch-logging-data.kubesphere-logging-system.svc:9200
{% endif %}
      indexPrefix: ks-{{ common.es.elkPrefix }}-auditing
{% endif %}
{% if alerting.enabled is defined and alerting.enabled == true %}
    alerting:
      endpoint: http://alerting-client-server.kubesphere-alerting-system.svc:9200/api/
{% endif %}
{% if notification.enabled is defined and notification.enabled == true %}
    notification:
      endpoint: http://notification.kubesphere-alerting-system.svc:9200
{% endif %}
kind: ConfigMap
metadata:
  name: kubesphere-config
  namespace: kubesphere-system
